nTimetools

Free

nTimetools is a suite of console tools for working with timestamps on Windows. It comprises two tools that allow both forensic analysts and red teamers to modify and verify file timestamps with up to 100-nanosecond precision. nTimeview allows forensic analysts to view the MACB timestamps of files on a live system. It uses the undocumented NtQueryInformationFile API, so it works on NTFS, FAT and even mapped drives, and it does not require privileged access. nTimestomp allows red teamers to timestomp the MACB timestamps of files with 100-nanosecond precision. Forensic analysts are usually taught to spot 0s in the millisecond position as evidence that timestomping has occurred.

ALTERNATIVES

A toolkit for forensic analysis of network appliances with YARA decoding options and frame extraction capabilities.

A shell script for basic forensic collection of various artefacts from UNIX systems.

A digital investigation platform for parsing, searching, and visualizing evidence with advanced analytics capabilities.

CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.

DMG2IMG is a tool for converting Apple compressed dmg archives to standard image disk files with support for zlib, bzip2, and LZFSE compression.

Online platform for image steganography analysis.

A command-line utility for extracting human-readable text from binary files.

A digital artifact extraction framework for extracting data from volatile memory (RAM) samples, providing visibility into the runtime state of a system.